Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
9b11d4f9dfe876e7fcc7f7266475ea0a743c1130a4ae65fb22c8469ecae8d726
-
Size
840KB
-
MD5
56c5f426b1cdba05b3c509ab36d892c8
-
SHA1
973ea6062306e6885cb9dbd8aae531f68c6f9f72
-
SHA256
9b11d4f9dfe876e7fcc7f7266475ea0a743c1130a4ae65fb22c8469ecae8d726
-
SHA512
b887d6538a26e4bb04d5fdfa1cfa5b50349799c7012a616375adb823b0d4f4f1154c55b47d8841bea96ce7ddb97ce5be7f105bd9ff780ea13456a03e850e13dd
-
SSDEEP
24576:k9KS04YNEMuExDiU6E5R9s8xY/2l/dO5Ibt+ry:k9G4auS+UjfU2TQIbt+r
Malware Config
Extracted
orcus
1337test
5email-hitting.gl.at.ply.gg
b018d32e87de4be29307720637b74310
-
administration_rights_required
false
-
anti_debugger
false
-
anti_tcp_analyzer
false
-
antivm
false
-
autostart_method
1
-
change_creation_date
false
-
force_installer_administrator_privileges
false
-
hide_file
false
-
install
false
-
installation_folder
%appdata%\Microsoft\Speech\AudioDriver.exe
-
installservice
false
-
keylogger_enabled
false
-
newcreationdate
10/24/2024 21:17:46
-
plugins
AgEAAA==
-
reconnect_delay
10000
-
registry_autostart_keyname
Audio HD Driver
-
registry_hidden_autostart
false
-
set_admin_flag
false
-
tasksch_name
Audio HD Driver
-
tasksch_request_highest_privileges
false
-
try_other_autostart_onfail
false
Signatures
-
Orcus family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
9b11d4f9dfe876e7fcc7f7266475ea0a743c1130a4ae65fb22c8469ecae8d726
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections